Details of VAR-201012-0106

ID

VAR-201012-0106

CVE

CVE-2010-4557

TITLE

Invensys Wonderware InBatch lm_tcp Service Buffer Overflow Vulnerability

Trust: 1.6

sources: IVD: 7d76270f-463f-11e9-9ec2-000c29342cb1 // IVD: 8d6584dc-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-3346 // CNNVD: CNNVD-201012-254

DESCRIPTION

Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8.1 and 9.0, as used in Invensys Foxboro I/A Series Batch 8.1 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request to port 9001. Invensys Wonderware InBatch and Foxboro I/A Series Batch of lm_tcp The service can experience buffer overflow. Wonderware InBatch and Foxboro I/A Batch of database lock manager (lm_tcp) The service includes 150 When copying a string to a byte buffer, a buffer overflow can occur. This service is 9001/tcp using.lm_tcp Service disruption by a third party with access to the service (DoS) An attacker may be able to attack or execute arbitrary code. RDM Embedded is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. The issue affects the 'lm_tcp' service. Failed exploit attempts may crash the application, denying service to legitimate users. The issue affects lm_tcp <= 9.0.0 0248.18.0.0; other versions may also be affected. Wonderware InBatch is prone to a denial-of-service vulnerability. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Wonderware InBatch / Foxboro I/A Series "lm_tcp" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42528 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42528/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42528 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42528/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42528/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42528 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Wonderware InBatch and Foxboro I/A Series Batch, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. write 16bits with the value 0 (0x0000) to an arbitrary memory location by sending a specially crafted packet to port 9001. SOLUTION: Apply patches when available. See vendor's advisory for possible mitigation steps. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: Luigi Auriemma: http://aluigi.altervista.org/adv/inbatch_1-adv.txt Invensys: http://iom.invensys.com/EN/Pages/IOM_CyberSecurityUpdates.aspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 4.68

sources: NVD: CVE-2010-4557 // CERT/CC: VU#647928 // JVNDB: JVNDB-2010-002872 // JVNDB: JVNDB-2010-002656 // CNVD: CNVD-2010-3346 // BID: 45245 // BID: 78742 // IVD: 7d76270f-463f-11e9-9ec2-000c29342cb1 // IVD: 8d6584dc-2355-11e6-abef-000c29c66e3d // VULHUB: VHN-47162 // PACKETSTORM: 96969

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 7d76270f-463f-11e9-9ec2-000c29342cb1 // IVD: 8d6584dc-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-3346

AFFECTED PRODUCTS

vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	9.0	Trust: 3.3
vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	8.1	Trust: 3.3
vendor:	invensys	model:	foxboro i\/a series batch	scope:	eq	version:	8.1	Trust: 1.0
vendor:	invensys	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	invensys	model:	i/a batch	scope:	eq	version:	8.1	Trust: 0.8
vendor:	invensys	model:	i/a batch	scope:	eq	version:	server all supported	Trust: 0.8
vendor:	invensys	model:	wonderware inbatch	scope:	eq	version:	server all supported	Trust: 0.8
vendor:	invensys	model:	foxboro i/a series batch	scope:	eq	version:	8.1	Trust: 0.6
vendor:	wonderware inbatch	model:	-	scope:	eq	version:	8.1	Trust: 0.4
vendor:	wonderware inbatch	model:	-	scope:	eq	version:	9.0	Trust: 0.4
vendor:	foxboro i a series batch	model:	-	scope:	eq	version:	8.1	Trust: 0.4
vendor:	wonderware	model:	inbatch sp1	scope:	eq	version:	9.0	Trust: 0.3
vendor:	wonderware	model:	inbatch	scope:	eq	version:	9.0	Trust: 0.3
vendor:	wonderware	model:	inbatch	scope:	eq	version:	8.1	Trust: 0.3
vendor:	raima	model:	rdm embedded	scope:	eq	version:	0	Trust: 0.3
vendor:	invensys	model:	foxboro i%2fa series batch	scope:	eq	version:	8.1	Trust: 0.3

sources: IVD: 7d76270f-463f-11e9-9ec2-000c29342cb1 // IVD: 8d6584dc-2355-11e6-abef-000c29c66e3d // CERT/CC: VU#647928 // CNVD: CNVD-2010-3346 // BID: 45245 // BID: 78742 // JVNDB: JVNDB-2010-002872 // JVNDB: JVNDB-2010-002656 // CNNVD: CNNVD-201012-254 // NVD: CVE-2010-4557

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-4557
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#647928
value:	24.41
Trust: 0.8
NVD:	CVE-2010-4557
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201012-254
value:	CRITICAL
Trust: 0.6
IVD:	7d76270f-463f-11e9-9ec2-000c29342cb1
value:	CRITICAL
Trust: 0.2
IVD:	8d6584dc-2355-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-47162
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-4557
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	7d76270f-463f-11e9-9ec2-000c29342cb1
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	8d6584dc-2355-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-47162
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 7d76270f-463f-11e9-9ec2-000c29342cb1 // IVD: 8d6584dc-2355-11e6-abef-000c29c66e3d // CERT/CC: VU#647928 // VULHUB: VHN-47162 // JVNDB: JVNDB-2010-002872 // CNNVD: CNNVD-201012-254 // NVD: CVE-2010-4557

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-47162 // JVNDB: JVNDB-2010-002872 // NVD: CVE-2010-4557

THREAT TYPE

network

Trust: 0.6

sources: BID: 45245 // BID: 78742

TYPE

Buffer overflow

Trust: 1.0

sources: IVD: 7d76270f-463f-11e9-9ec2-000c29342cb1 // IVD: 8d6584dc-2355-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201012-254

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002872

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-47162

PATCH

title:	Invensys Operations Management Security Alart	url:	http://iom.invensys.com/EN/Pages/IOM_CyberSecurityUpdates.aspx	Trust: 1.6
title:	Cyber Security Updates	url:	http://iom.invensys.com/EN/pdfLibrary/SecurityAlert_Invensys_SecurityAlert-LFSEC00000051_12-10.pdf	Trust: 0.8
title:	Wonderware 日本のパートナー	url:	http://global.wonderware.com/JP/Pages/JpPartnersSI.aspx	Trust: 0.8
title:	Wonderware Top Page	url:	http://global.wonderware.com/JP/	Trust: 0.8
title:	WonderwareInBatchSoftware	url:	http://global.wonderware.com/EN/Pages/WonderwareInBatchSoftware.aspx	Trust: 0.8

sources: JVNDB: JVNDB-2010-002872 // JVNDB: JVNDB-2010-002656

EXTERNAL IDS

db:	CERT/CC	id:	VU#647928	Trust: 4.7
db:	SECUNIA	id:	42528	Trust: 4.0
db:	ICS CERT	id:	ICSA-10-348-01	Trust: 3.9
db:	NVD	id:	CVE-2010-4557	Trust: 3.8
db:	EXPLOIT-DB	id:	15707	Trust: 2.0
db:	VUPEN	id:	ADV-2010-3244	Trust: 1.7
db:	CNNVD	id:	CNNVD-201012-254	Trust: 1.1
db:	CNVD	id:	CNVD-2010-3346	Trust: 1.0
db:	JVNDB	id:	JVNDB-2010-002872	Trust: 0.8
db:	JVNDB	id:	JVNDB-2010-002656	Trust: 0.8
db:	BID	id:	78742	Trust: 0.4
db:	BID	id:	45245	Trust: 0.3
db:	IVD	id:	7D76270F-463F-11E9-9EC2-000C29342CB1	Trust: 0.2
db:	IVD	id:	8D6584DC-2355-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	SEEBUG	id:	SSVID-70368	Trust: 0.1
db:	VULHUB	id:	VHN-47162	Trust: 0.1
db:	PACKETSTORM	id:	96969	Trust: 0.1

sources: IVD: 7d76270f-463f-11e9-9ec2-000c29342cb1 // IVD: 8d6584dc-2355-11e6-abef-000c29c66e3d // CERT/CC: VU#647928 // CNVD: CNVD-2010-3346 // VULHUB: VHN-47162 // BID: 45245 // BID: 78742 // JVNDB: JVNDB-2010-002872 // JVNDB: JVNDB-2010-002656 // PACKETSTORM: 96969 // CNNVD: CNNVD-201012-254 // NVD: CVE-2010-4557

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-10-348-01.pdf	Trust: 3.9
url:	http://www.kb.cert.org/vuls/id/647928	Trust: 3.9
url:	http://secunia.com/advisories/42528	Trust: 3.3
url:	http://iom.invensys.com/en/pages/iom_cybersecurityupdates.aspx	Trust: 2.9
url:	http://aluigi.org/adv/inbatch_1-adv.txt	Trust: 2.8
url:	http://iom.invensys.com/en/pdflibrary/securityalert_invensys_securityalert-lfsec00000051_12-10.pdf	Trust: 2.0
url:	http://www.exploit-db.com/exploits/15707	Trust: 2.0
url:	http://www.vupen.com/english/advisories/2010/3244	Trust: 1.7
url:	http://global.wonderware.com/en/pages/wonderwareinbatchsoftware.aspx	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4557	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4557	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu647928	Trust: 0.8
url:	http://secunia.com/advisories/42528http	Trust: 0.6
url:	http://www.raima.com/	Trust: 0.3
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/advisories/42528/#comments	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/42528/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/products/corporate/vim/	Trust: 0.1
url:	http://aluigi.altervista.org/adv/inbatch_1-adv.txt	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=42528	Trust: 0.1

sources: CERT/CC: VU#647928 // CNVD: CNVD-2010-3346 // VULHUB: VHN-47162 // BID: 45245 // BID: 78742 // JVNDB: JVNDB-2010-002872 // JVNDB: JVNDB-2010-002656 // PACKETSTORM: 96969 // CNNVD: CNNVD-201012-254 // NVD: CVE-2010-4557

CREDITS

Luigi Auriemma

Trust: 0.3

sources: BID: 45245

SOURCES

db:	IVD	id:	7d76270f-463f-11e9-9ec2-000c29342cb1
db:	IVD	id:	8d6584dc-2355-11e6-abef-000c29c66e3d
db:	CERT/CC	id:	VU#647928
db:	CNVD	id:	CNVD-2010-3346
db:	VULHUB	id:	VHN-47162
db:	BID	id:	45245
db:	BID	id:	78742
db:	JVNDB	id:	JVNDB-2010-002872
db:	JVNDB	id:	JVNDB-2010-002656
db:	PACKETSTORM	id:	96969
db:	CNNVD	id:	CNNVD-201012-254
db:	NVD	id:	CVE-2010-4557

LAST UPDATE DATE

2025-04-11T23:19:04.550000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#647928	date:	2010-12-16T00:00:00
db:	CNVD	id:	CNVD-2010-3346	date:	2010-12-23T00:00:00
db:	VULHUB	id:	VHN-47162	date:	2013-08-19T00:00:00
db:	BID	id:	45245	date:	2010-12-15T13:34:00
db:	BID	id:	78742	date:	2010-12-17T00:00:00
db:	JVNDB	id:	JVNDB-2010-002872	date:	2011-12-22T00:00:00
db:	JVNDB	id:	JVNDB-2010-002656	date:	2011-01-19T00:00:00
db:	CNNVD	id:	CNNVD-201012-254	date:	2010-12-21T00:00:00
db:	NVD	id:	CVE-2010-4557	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	IVD	id:	7d76270f-463f-11e9-9ec2-000c29342cb1	date:	2010-12-23T00:00:00
db:	IVD	id:	8d6584dc-2355-11e6-abef-000c29c66e3d	date:	2010-12-23T00:00:00
db:	CERT/CC	id:	VU#647928	date:	2010-12-15T00:00:00
db:	CNVD	id:	CNVD-2010-3346	date:	2010-12-23T00:00:00
db:	VULHUB	id:	VHN-47162	date:	2010-12-17T00:00:00
db:	BID	id:	45245	date:	2010-12-07T00:00:00
db:	BID	id:	78742	date:	2010-12-17T00:00:00
db:	JVNDB	id:	JVNDB-2010-002872	date:	2011-12-22T00:00:00
db:	JVNDB	id:	JVNDB-2010-002656	date:	2011-01-19T00:00:00
db:	PACKETSTORM	id:	96969	date:	2010-12-25T08:43:21
db:	CNNVD	id:	CNNVD-201012-254	date:	2010-12-21T00:00:00
db:	NVD	id:	CVE-2010-4557	date:	2010-12-17T19:00:26.293